ecryptfs-recover-private leaves filenames encrypted

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
Grokling
Level 1
Level 1
Posts: 22
Joined: Fri May 06, 2011 5:32 am

ecryptfs-recover-private leaves filenames encrypted

Post by Grokling »

Mint 17.3, Cinnamon on i7 laptop

I rebooted (the nice way - not a hard reboot) and was unable to log in. Permissions on /home/[myusername] weren't 755, and that caused errors when ~/.dmrc was checked for permissions.

I ctrl+alt+f2'd and as root chmod 755 /home/[myusername] The user and group were still correct.

This allowed the login to proceed, but ecryptfs had disconnected my files in the meantime.

ecryptfs-recover-private is able to decrypt and mount the files into /tmp/ecryptfs.xxxxxx, BUT the filenames are still encrypted, so I'm not hugely further ahead.

How can I decrypt the filenames? (I know the passphrase, and the files appear to be intact)

User avatar
WharfRat
Level 21
Level 21
Posts: 13898
Joined: Thu Apr 07, 2011 8:15 pm

Re: ecryptfs-recover-private leaves filenames encrypted

Post by WharfRat »

This requires booting to the live media. viewtopic.php?t=134231#p720340

Good luck :wink:
ImageImage

Grokling
Level 1
Level 1
Posts: 22
Joined: Fri May 06, 2011 5:32 am

Re: ecryptfs-recover-private leaves filenames encrypted

Post by Grokling »

Thanks WharfRat - you can do this from the already installed OS as it turns out.

BUT, it also turns out that although I thought I knew the passphrase, and recovery said it worked, it actually didn't.

Recovering the passphrase doesn't seem to want to work either, so I suspect I just have to wave goodbye to everything I had on there and start fresh. Still no clues as to why it went pearshaped either.

User avatar
WharfRat
Level 21
Level 21
Posts: 13898
Joined: Thu Apr 07, 2011 8:15 pm

Re: ecryptfs-recover-private leaves filenames encrypted

Post by WharfRat »

I just discovered something very disheartening - ecryptfs-recover-private didn't work on my encrypted Mint flash encrypted /home.

So try this, very carefully in a root terminal

Mount your linux partition, or if you have separate /home partition, to /mnt as that's how I have this setup.

Code: Select all

export envvars='opts fnek fnek_sig d sigs mount_sig mount_opts tmpdir'

for o in $envvars;do export "$o=";done; opts=ro;tmpdir=/tmp/mine

d=$(find /mnt/home/.ecryptfs/wharfrat -type d -name ".Private") && echo "$d"   #replace wharfrat with the user's /home folder name

ls "$d/ECRYPTFS_FNEK_ENCRYPTED"* >/dev/null 2>&1 && fnek="--fnek" || fnek=

ecryptfs-insert-wrapped-passphrase-into-keyring "$d/../.ecryptfs/wrapped-passphrase"  # Enter the user's password when prompted

sigs=$(sed -e "s/[^0-9a-f]//g" "$d/../.ecryptfs/Private.sig") && echo "$sigs"

echo "$sigs" | wc -l
If the result is 1 use the following three lines

Code: Select all

   mount_sig=$(echo "$sigs" | head -n1) && echo "$mount_sig"
   fnek_sig=
   mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16" && echo "$mount_opts"
otherwise if the result is two then use these

Code: Select all

  mount_sig=$(echo "$sigs" | head -n1) && echo "$mount_sig"
  fnek_sig=$(echo "$sigs" | tail -n1) && echo "$fnek_sig"
  mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_fnek_sig=$fnek_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16" && echo "$mount_opts"
Now make the /tmp/mine folder and mount the encrypted folder.

Code: Select all

mkdir "$tmpdir"

mount -i -t ecryptfs -o "$mount_opts" "$d" "$tmpdir"


Now look in /tmp/mine for your stuff.

Good luck :wink:
ImageImage

Post Reply

Return to “Software & Applications”